
Data Privacy Policy
Effective date : 22/01/2023 |
Review Date : 18/04/2022
Document version 1.2
Policy Statement
When Shriram Life receives a transaction instructions from you through the online/electronic/auto payment mode, Company will be entitled to debit the due payment plus applicable charges payable for the said transaction from the account specified by you. Company shall not be liable if any transaction does not fructify or may not be completed or for any failure on part of the bank or the credit card agency to perform any of its obligations. Company shall be under no liability whatsoever in respect of any loss or damage arising directly or indirectly out of the decline of authorization for any transaction, on account of the cardholder having exceeded the preset limit mutually agreed by the cardholder with the card issuing entity from time to time. Shriram Life adheres to the “refund & cancellation processes” as per the IRDAI norms (issued from time to time).
Purpose
The User’s right to privacy is of paramount importance to Shriram Life. Any information provided by the User will not be shared with any third party, provided any statutory authority warrants the same. Shriram Life reserves the right to use the information to provide the User a more personalized online experience.
17+
Years of building prosperity
Falling to offer choices
Indivduals should be free to choose how the company uses data related to them
Reputational Damage
The company could suffer if hackers successfully gained access to sensitive data
Scope
This policy applies to all emplouyees of the SLIC and any Third party the processes the personally identifiable information (PII).
Standard and Procedures
In publishing and graphic design, Lorem ipsum is a placeholder text commonly used to demonstrate the visual form of a document or a typeface without relying on meaningful content. L
- Processed fairly and lawfully
- Adequate,relevant and not excessive
- Accurate and up to data must br processed
- Processed in accordance with data subjuets right
- Processed fairly and lawfully
- Processed for specified purposes only
- All the PII data must be processed as per the governance guidelines
- Optain consent for PII data e.g identification number (UIN),Biomatric,Pan,etc
Data Collection
SLIC collects personal data in a fair, transparent, and lawful manner. As such, we adhere to the following guidelines:
- Collect the minimum PII personal data required to support business activity or as mandated by law
- Collect PII personal data directly from the individual, when possible
- Where required by local law, obtain explicit consent from individuals, prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, Unique Identification Number (UIN), biometric information & etc.)
- Collection of Aadhaar data will be as per the Aadhaar Act 2016,amendment regulations and other circulars released by IRDAI, UIDAI from time to time
- Verify that PII personal data collected from third parties is reliable andlegally obtained and mandated as per by law
- Collect PII personal data in a fair and non-deceptive manner
Data Storage
All electronic files that contain Protected PII data (e.g. UIN, biometric information, PAN number, health details & etc) will reside
within a protected SLIC DC information system location.
- All physical files that contain Protected PII will reside within a locked file cabinet or room when not being actively viewed or modified.
- Protected PII is not to be downloaded by employee, or contractor workstations or mobile devices (such as laptops, personal digital assistants, mobile phones, tablets or removable media) or to systems outside the protection of the organisation.
- When disposing of PII the physical or electronic file should be shredded or securely deleted.
- Protected PII will also not be sent through any form of insecure electronic communication E.g. E-mail or instant messaging systems. Significant security risks emerge when PII is transferred from a secure location to a less secure location or is disposed o
Data Retention
LIC does not retain PII personal data any longer than is absolutely necessary. The retention period for PII personal data is determined by:
- The purpose of the data collected
- The fulfillment of that purpose
- The mode of storage, archival and back up of personal data collected
- Retention periods, as mandated by any contractual and/or regulatory requirements
- All the guidelines will be followed for data retention as per IRDA, UIDAI, Cyber Security and ISO Standard
- Data Disposal: SLIC Data Disposal requires managerial approval for the disposal, destruction and deletion of any personal data. Our data disposal procedures prevent the recovery, theft, misuse or unauthorized access of personal data. All the PII data will
References
- Information Handling Policy
- Media Disposal Policy
Policy Statement
All the PII data like UIN, PAN Number, Biometric Information, Health Details and other required details will be collected with proper consent from the owners, SLIC employees, any third party,and various stakeholders for processing the information as required by SLIC.
UIN along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it.
If required any biometric information will be collected, using the registered devices specified by UIDAI. The demographic details of the individual received from UIDAI as a response shall be used for identification of the individual for the specific purposes of providing the specific services for the duration of the services. e-KYC will be carried out by authentication facility provided by the authority or by trained SLIC employees at the SLIC office.
The identity information collected and processed shall only be used pursuant to applicable law and as permitted under the Aadhaar Act 2016 or its Amendment and Regulations given time to time. The identity information shall not be used beyond the mentioned purpose without consent from the UIN holder and even with consent use of such information for other purposes should be under the permissible purposes in compliance to the Aadhaar Act 2016.
Process shall be implemented to ensure that Identity information is not used beyond the purposes mentioned in the notice/consent form provided to the UIN holder. No financial information such as Bank account or credit card or debit card or other payment instrument details will be collected by SLIC employees at the time of providing the services.
All the PII personal data collected will be stored securely and confidentiality will be maintained.UIN will be masked in all the online application used by SLIC during the service being provided to the client. PII personal date shall not be shared in contravention to the Aadhaar Act 2016, its Amendment, Regulations and other circulars released by UIDAI from time to time.
Exception
Any exception to this policy shall be approved by Chief Information Security Officer (CISO)/ IT Team of Shriram Life Insurance Company Ltd.
Note: All the guidelines will be followed for data privacy as per Cyber Security, ISO Standard, IRDAI, UIDAI, and Aadhaar Act 2016.